From: "Scott Cantor"
Reply-To: security-dev@xml.apache.org
Subject: RE: base64Binary, canonical form ?
Date: Mon, 19 Dec 2005 09:47:07 -0500
Organization: The Ohio State University

> However, when experimenting with the (Java) Canonicalizer class, using
> the method ALGO_ID_C14N_EXCL_OMIT_COMMENTS, I see that it does include
> whitespace (using xmlsec-1.2.1).

XML c14n is not the same as schema c14n. The inclusive and exclusive c14n specs do not specify that the resulting output is in schema c14n form, and since they don't involve schema at all, they wouldn't know what the types were in order to perform that step.

> Am I reading the spec incorrectly, or is this a bug in the
> canonicalizer ?

You're confusing two specs.

Note that the implication of this is that you have to be very careful when validating XML and then verifying signatures over it because of how parsers work. Using data normalization while parsing can corrupt the signature, and virtually every parser version has subtle differences in how they deal with base64.

-- Scott
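An added illustration of the point made in the message above (not code from the thread or from Apache XML Security). It uses Python's standard-library C14N 2.0 canonicalizer as a stand-in for the exclusive c14n discussed, since both are schema-unaware and keep text-node whitespace; the document, the element names and the `schema_normalize` helper are constructed for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: 48 bytes carried as base64Binary, line-wrapped the way
# many signers emit it, plus the same value as a single unbroken run.
PAYLOAD = bytes(range(48))
B64 = base64.b64encode(PAYLOAD).decode("ascii")
WRAPPED = "\n" + B64[:32] + "\n" + B64[32:] + "\n"


def make_doc(text):
    # Hypothetical element names, chosen for the example.
    return "<Doc><Blob>" + text + "</Blob></Doc>"


def c14n_digest(xml_text):
    """SHA-256 over the canonical form, as a signature reference digest is."""
    canonical = ET.canonicalize(xml_text)  # schema-unaware: text kept as-is
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def schema_normalize(xml_text):
    """Stand-in for data normalization during schema validation: the
    base64Binary value is rewritten without whitespace (assumed behaviour)."""
    root = ET.fromstring(xml_text)
    blob = root.find("Blob")
    blob.text = "".join(blob.text.split())
    return ET.tostring(root, encoding="unicode")


def decoded(xml_text):
    """Bytes the application sees; b64decode ignores the line breaks."""
    return base64.b64decode(ET.fromstring(xml_text).find("Blob").text)


if __name__ == "__main__":
    signed = make_doc(WRAPPED)             # what the signer digested
    normalized = schema_normalize(signed)  # what a normalizing parser hands on
    print("same payload :", decoded(signed) == decoded(normalized))
    print("signed digest:", c14n_digest(signed))
    print("after normal.:", c14n_digest(normalized))
```

The decoded payload is identical in both documents, yet the digests differ, so a verifier that canonicalizes the normalized tree rejects a signature that was valid over the bytes as received.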